Bug#234556: xlibs: many clients get BadLength error from X_ChangeProperty request
Hi all,
I also have a Transmeta Crusoe processor with an ATI Radeon Mobility M6
LY (Vaio C1-MZX). Of course, I am experiencing the exact same bug as
described previously. As it is getting on my nerves, I decided to
investigate a little bit by myself where it comes from. I first
compiled xlogo with debugging information and ran gdb on
it. I got this output:
===============================================================
[fleury@hermes xlogo]$ gdb ./xlogo
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-linux"...
(gdb) run -synchronous
Starting program:
/home/fleury/devel/xfree_bug/src/xc/programs/xlogo/xlogo -synchronous
X Error of failed request: BadLength (poly request too large or
internal Xlib length error)
Major opcode of failed request: 18 (X_ChangeProperty)
Serial number of failed request: 29
Current serial number in output stream: 30
Program exited with code 01.
(gdb) break main
Note: breakpoint 1 also set at pc 0x8049327.
Breakpoint 2 at 0x8049327: file xlogo.c, line 117.
(gdb) run -synchronous
Starting program:
/home/fleury/devel/xfree_bug/src/xc/programs/xlogo/xlogo -synchronous
Breakpoint 1, main (argc=2, argv=0xbffff8b4) at xlogo.c:117
117 toplevel = XtOpenApplication(&app_con, "XLogo",
(gdb) s
121 if (argc != 1)
(gdb)
124 XtAddCallback(toplevel, XtNsaveCallback, save, NULL);
(gdb)
125 XtAddCallback(toplevel, XtNdieCallback, die, NULL);
(gdb)
126 XtAppAddActions
(gdb)
128 XtOverrideTranslations
(gdb)
130 XtCreateManagedWidget("xlogo", logoWidgetClass, toplevel,
NULL, ZERO);
(gdb)
131 XtRealizeWidget(toplevel);
(gdb)
X Error of failed request: BadLength (poly request too large or
internal Xlib length error)
Major opcode of failed request: 18 (X_ChangeProperty)
Serial number of failed request: 29
Current serial number in output stream: 30
Program exited with code 01.
===============================================================
That was obviously not totally satisfactory because I was stuck at the
level of the X server and there was no way to get deeper. So, I compiled
the whole XFree86-4.3.0 with the "-g" option.
I managed to get closer to the problem, but I'm still stuck and I don't
really know why I can't go deeper (I might have done something wrong as
well). Here is the log that I get:
===============================================================
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-linux"...
(gdb) break Color.c:99
Breakpoint 1 at 0x808c406: file Color.c, line 99.
(gdb) run :6
Starting program:
/home/fleury/devel/xfree_bug/src/xc/programs/Xserver/Xnest :6
Breakpoint 1, xnestCreateColormap (pCmap=0x83b7310) at Color.c:99
99 XQueryColors(xnestDisplay, xnestColormap(pCmap), colors,
ncolors);
(gdb) break QuColors.c:55
Breakpoint 2 at 0x4009cf44: file QuColors.c, line 55.
(gdb) c
Continuing.
Breakpoint 2, XQueryColors (dpy=0x83b0750, cmap=65535, defs=0x83b6218,
ncolors=64) at QuColors.c:55
55 if (_XReply(dpy, (xReply *) &rep, 0, xFalse) != 0) {
(gdb) s
_XReply (dpy=0x83b0750, rep=0xbffff4f0, extra=0, discard=0) at
XlibInt.c:1642
1642 unsigned long cur_request = dpy->request;
(gdb)
1647 if (dpy->flags & XlibDisplayIOError)
(gdb)
1652 cvl = QueueReplyReaderLock(dpy);
(gdb)
1653 if (cvl) {
(gdb)
_XFlushInt (dpy=0x83b0750, cv=0x0) at XlibInt.c:589
589 if (dpy->flags & XlibDisplayIOError)
(gdb)
597 while (dpy->flags & XlibDisplayWriting) {
(gdb)
605 size = todo = dpy->bufptr - dpy->buffer;
(gdb)
606 if (!size) return;
(gdb)
605 size = todo = dpy->bufptr - dpy->buffer;
(gdb)
606 if (!size) return;
(gdb)
612 for (ext = dpy->flushes; ext; ext = ext->next_flush)
(gdb)
608 dpy->flags |= XlibDisplayWriting;
(gdb)
610 dpy->bufptr = dpy->bufmax;
(gdb)
608 dpy->flags |= XlibDisplayWriting;
(gdb)
612 for (ext = dpy->flushes; ext; ext = ext->next_flush)
(gdb)
610 dpy->bufptr = dpy->bufmax;
(gdb)
612 for (ext = dpy->flushes; ext; ext = ext->next_flush)
(gdb)
620 while (size) {
(gdb)
614 bufindex = dpy->buffer;
(gdb)
620 while (size) {
(gdb)
621 ESET(0);
(gdb)
622 write_stat = _X11TransWrite(dpy->trans_conn,
(gdb)
_X11TransWrite (ciptr=0x83b0cf0, buf=0x83b0cf0 "@g\023@\003",
size=138087664) at Xtrans.c:843
843 return ciptr->transptr->Write (ciptr, buf, size);
(gdb)
_X11TransSocketWrite (ciptr=0x83b0db0, buf=0x83b0db0 "<\001\002",
size=138087856) at Xtranssock.c:1750
1750 return write (ciptr->fd, buf, size);
(gdb)
1744 {
(gdb)
1750 return write (ciptr->fd, buf, size);
(gdb)
1752 }
(gdb)
_X11TransWrite (ciptr=0x30c, buf=0x30c <Address 0x30c out of bounds>,
size=780)
at Xtrans.c:844
844 }
(gdb)
_XFlushInt (dpy=0x83b0750, cv=0x0) at XlibInt.c:624
624 if (write_stat >= 0) {
(gdb)
625 size -= write_stat;
(gdb)
627 bufindex += write_stat;
(gdb)
626 todo = size;
(gdb)
627 bufindex += write_stat;
(gdb)
660 dpy->last_req = (char *)&_dummy_request;
(gdb)
661 if ((dpy->request - dpy->last_request_read) >= SEQLIMIT &&
(gdb)
660 dpy->last_req = (char *)&_dummy_request;
(gdb)
661 if ((dpy->request - dpy->last_request_read) >= SEQLIMIT &&
(gdb)
667 dpy->bufptr = dpy->buffer;
(gdb)
669 dpy->flags &= ~XlibDisplayWriting;
(gdb)
671 }
(gdb)
_XReply (dpy=0x83b0750, rep=0xbffff4f0, extra=0, discard=0) at
XlibInt.c:1670
1670 if(dpy->lock &&
(gdb)
1674 dpy->flags |= XlibDisplayReply;
(gdb)
1682 if (!dpy->lock || !dpy->lock->reply_was_read)
(gdb)
1684 (void) _XRead(dpy, (char *)rep, (long)SIZEOF(xReply));
(gdb)
_XRead (dpy=0x83b0750, data=0xbffff4f0 "\004398587", size=32)
at XlibInt.c:1038
1038 if ((dpy->flags & XlibDisplayIOError) || size == 0)
(gdb)
1032 {
(gdb)
1035 int original_size = size;
(gdb)
1038 if ((dpy->flags & XlibDisplayIOError) || size == 0)
(gdb)
1040 ESET(0);
(gdb)
1041 while ((bytes_read = _X11TransRead(dpy->trans_conn, data,
(int)size))
(gdb)
_X11TransRead (ciptr=0x83b0cf0, buf=0x83b0cf0 "@g\023@\003",
size=138087664)
at Xtrans.c:836
836 return ciptr->transptr->Read (ciptr, buf, size);
(gdb)
_X11TransSocketRead (ciptr=0xbffff4f0, buf=0xbffff4f0
"\020A*@`\\8\bD\001", size=-1073744656) at Xtranssock.c:1736
1736 return read (ciptr->fd, buf, size);
(gdb)
1730 {
(gdb)
1736 return read (ciptr->fd, buf, size);
(gdb)
1738 }
(gdb)
_X11TransRead (ciptr=0x20, buf=0x20 <Address 0x20 out of bounds>,
size=32)
at Xtrans.c:837
837 }
(gdb)
_XRead (dpy=0x83b0750, data=0xbffff4f0 "", size=32) at XlibInt.c:1072
1072 if (dpy->lock && dpy->lock->reply_bytes_left > 0)
(gdb)
1081 return 0;
(gdb)
1082 }
(gdb)
_XReply (dpy=0x83b0750, rep=0xbffff4f0, extra=0, discard=0) at
XlibInt.c:1686
1686 if (dpy->lock)
(gdb)
1690 switch ((int)rep->generic.type) {
(gdb)
1748 register Bool ret = False;
(gdb)
1753 dpy->flags &= ~XlibDisplayReply;
(gdb)
1754 serial = _XSetLastRequestRead(dpy, (xGenericReply *)rep);
(gdb)
_XSetLastRequestRead (dpy=0x83b0750, rep=0x83b0750) at XlibInt.c:1601
1601 lastseq = dpy->last_request_read;
(gdb)
1598 {
(gdb)
1601 lastseq = dpy->last_request_read;
(gdb)
1607 if ((rep->type & 0x7f) == KeymapNotify)
(gdb)
1598 {
(gdb)
1607 if ((rep->type & 0x7f) == KeymapNotify)
(gdb)
1610 newseq = (lastseq & ~((unsigned long)0xffff)) |
rep->sequenceNumber;
(gdb)
1612 if (newseq < lastseq) {
(gdb)
1623 dpy->last_request_read = newseq;
(gdb)
1624 return(newseq);
(gdb)
1623 dpy->last_request_read = newseq;
(gdb)
1625 }
(gdb)
_XReply (dpy=0x83b0750, rep=0xbffff4f0, extra=0, discard=0) at
XlibInt.c:1755
1755 if (serial == cur_request)
(gdb)
1782 for (ext = dpy->ext_procs; !ret && ext; ext = ext->next) {
(gdb)
1783 if (ext->error)
(gdb)
1782 for (ext = dpy->ext_procs; !ret && ext; ext = ext->next) {
(gdb)
1783 if (ext->error)
(gdb)
1782 for (ext = dpy->ext_procs; !ret && ext; ext = ext->next) {
(gdb)
1783 if (ext->error)
(gdb)
1782 for (ext = dpy->ext_procs; !ret && ext; ext = ext->next) {
(gdb)
1787 _XError(dpy, err);
(gdb)
_XError (dpy=0x83b0750, rep=0xbffff4f0) at XlibInt.c:2873
2873 event.xerror.serial = _XSetLastRequestRead(dpy, (xGenericReply
*)rep);
(gdb)
2865 {
(gdb)
2873 event.xerror.serial = _XSetLastRequestRead(dpy, (xGenericReply
*)rep);
(gdb)
_XSetLastRequestRead (dpy=0x83b0750, rep=0xbffff4f0) at XlibInt.c:1601
1601 lastseq = dpy->last_request_read;
(gdb)
1598 {
(gdb)
1601 lastseq = dpy->last_request_read;
(gdb)
1607 if ((rep->type & 0x7f) == KeymapNotify)
(gdb)
1598 {
(gdb)
1607 if ((rep->type & 0x7f) == KeymapNotify)
(gdb)
1610 newseq = (lastseq & ~((unsigned long)0xffff)) |
rep->sequenceNumber;
(gdb)
1612 if (newseq < lastseq) {
(gdb)
1623 dpy->last_request_read = newseq;
(gdb)
1624 return(newseq);
(gdb)
1623 dpy->last_request_read = newseq;
(gdb)
1625 }
(gdb)
_XError (dpy=0x83b0750, rep=0xbffff4f0) at XlibInt.c:2875
2875 for (async = dpy->async_handlers; async; async = next) {
(gdb)
2883 event.xerror.type = X_Error;
(gdb)
2882 event.xerror.display = dpy;
(gdb)
2884 event.xerror.resourceid = rep->resourceID;
(gdb)
2885 event.xerror.error_code = rep->errorCode;
(gdb)
2886 event.xerror.request_code = rep->majorCode;
(gdb)
2887 event.xerror.minor_code = rep->minorCode;
(gdb)
2888 if (dpy->error_vec &&
(gdb) p rep->resourceID
$1 = 12582940
(gdb) p rep->errorCode
$2 = 16 '\020'
(gdb) p rep->majorCode
$3 = 18 '\022'
(gdb) p rep->minorCode
$4 = 0
(gdb) c
Continuing.
Program exited with code 01.
(gdb) quit
==============================================
Ok, so I haven't yet found the exact point where I get this error (it's a
little bit blurred to me as I am not an expert in X debugging), but I
think I'm getting closer (it's somewhere here in the trace given by
gdb).
Well, if somebody can help me dig deeper, please do. :)
I also found some documentation about the Transmeta here:
http://www.realworldtech.com/page.cfm?ArticleID=RWT010204000000
http://www.realworldtech.com/page.cfm?ArticleID=RWT012704012616
Regards
--
Emmanuel Fleury
Computer Science Department, | Office: B1-201
Aalborg University, | Phone: +45 96 35 72 23
Fredriks Bajersvej 7E, | Fax: +45 98 15 98 89
9220 Aalborg East, Denmark | Email: fleury@cs.auc.dk